14 matches found
EulerOS 2.0 SP1 : krb5 (EulerOS-SA-2016-1076)
According to the versions of the krb5 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A NULL pointer dereference flaw was found in MIT Kerberos kadmind service. An authenticated attacker with permission to modify a principal entry...
krb5: Memory leak caused by supplying a null principal name in request
A memory leak flaw was found in the krb5_unparse_name function of the MIT Kerberos kadmind service. An authenticated attacker could repeatedly send specially crafted requests to the server, which could cause the server to consume large amounts of memory resources, ultimately leading to a denial of...
krb5: xdr_nullstring() doesn't check for terminating null character
An out-of-bounds read flaw was found in the kadmind service of MIT Kerberos. An authenticated attacker could send a maliciously crafted message to force kadmind to read beyond the end of allocated memory, and write the memory contents to the KDC database if the attacker has write permission,...
krb5: xdr_nullstring() doesn't check for terminating null character
An out-of-bounds read flaw was found in the kadmind service of MIT Kerberos. An authenticated attacker could send a maliciously crafted message to force kadmind to read beyond the end of allocated memory, and write the memory contents to the KDC database if the attacker has write permission,...
krb5: Memory leak caused by supplying a null principal name in request
A memory leak flaw was found in the krb5_unparse_name function of the MIT Kerberos kadmind service. An authenticated attacker could repeatedly send specially crafted requests to the server, which could cause the server to consume large amounts of memory resources, ultimately leading to a denial of...
MIT krb5 kadmind libgssrpc service application information disclosure vulnerability
Kerberos is a network authentication protocol that provides user authentication using a ticket-based system for client-server systems. MIT Kerberos 5 is an open source Kerberos implementation. MIT krb5 kadmind contains a security vulnerability in the libgssrpc service application that can lead to...
MIT krb5 kadmind security bypass vulnerability
MIT krb5 (also known as MIT Kerberos 5) is a set of network authentication protocols developed by the Massachusetts Institute of Technology (MIT) in the U.S. It adopts a client/server structure, and both the client and server side can authenticate each other (i.e., double authentication), which prevent...
DEBIAN-CVE-2014-5351
The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13 sends old keys in a response to a -randkey -keepold request, which allows remote authenticated users to forge tickets by leveraging administrative access...
UBUNTU-CVE-2014-5351
The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13 sends old keys in a response to a -randkey -keepold request, which allows remote authenticated users to forge tickets by leveraging administrative access...
Moderate: Red Hat Security Advisory: krb5 security update
Updated krb5 packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
Debian DSA-2031-1 : krb5 - use-after-free
Sol Jerome discovered that the kadmind service in krb5, a system for authenticating users and services on a network, allows remote authenticated users to cause a denial of service (daemon crash) via a request from a kadmin client that sends an invalid API version number.
[SECURITY] [DSA 2031-1] New krb5 packages fix denial of service
Debian Security Advisory DSA-2031-1 http://www.debian.org/security/ Giuseppe Iuculano April 11, 2010 http://www.debian.org/security/faq -...
DSA-2031-1 krb5 - denial of service
Bulletin has no description...
Ubuntu Update for krb5 vulnerabilities USN-924-1
Ubuntu Update for Linux kernel vulnerabilities USN-924-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN9241.nasl 7965 2017-12-01 07:38:25Z santu $ Ubuntu Update for krb5 vulnerabilities USN-924-1 Authors: System Generated Check Copyright: Copyright (c) 2010 Greenbone Networks GmbH,...